With spring just around the corner, there are some exciting changes on the horizon, namely the easing of COVID-19 restrictions and a welcome return to life as we know it.
However, one thing that’s showing no signs of stopping or slowing down is the cybercrime industry, which is expected to grow by 15% per year over the next five years.
Accenture’s 2021 State of Cybersecurity report found that for 81% of companies, “staying ahead of attackers is a constant battle and the cost is unsustainable”.
Phishing and ransomware are the two most prevalent forms of cyberattacks in Ireland, with ransomware attacks costing Irish companies over €2 billion in 2020.
Consumers were once the primary targets of ransomware attacks, but cybercriminals have now shifted their attention toward businesses and government organisations, where the potential financial rewards are much greater.
In 2020 in Ireland alone, the economic cost of cybercrime was €9.6 billion. By 2025, it is estimated that the annual cost to businesses around the world will be a staggering $10.5 trillion.
Ireland is a prime target for cyberattacks in Europe
Ireland is no stranger to cyberattacks, with a growing number of businesses being targeted every year.
In 2020, 70% of Irish businesses fell victim to a cyberattack. That same year, the PwC Irish Economic Crime Survey reported that cybercrime in Ireland was double the global average, and three times as disruptive.
Another survey by mobile security firm CWSI found that Ireland has experienced a much higher increase in cyberattacks than the rest of Europe. In the last year, 54% of Irish companies have seen a rise in cybersecurity breach attempts, compared with the European average of 42%.
These statistics show that our cybersecurity strategy and implementation is simply not good enough. To put it bluntly, Ireland is an easy target for opportunistic cybercriminals.
Inadequate government action
In 2019, the National Cyber Security Strategy outlined the government’s plans to increase the country’s ability to respond to and manage cybersecurity incidents.
Just last year, however, a government-commissioned external report found that an “urgent review” of the National Cyber Security Centre’s internal structure was needed.
Many of the objectives laid out in the strategy were not being met due to a lack of resources, a shortage of skilled staff, and not enough funding being allocated.
Speaking about last year’s ransomware attack on the HSE, which cost over €100 million, Sinn Féin’s Darren O’Rourke commented that the State “could have been better prepared and should have been better prepared”, since the report highlighted several areas of concern.
Several months after the attack, the Irish Independent reported that over 30,000 computers within the HSE network were still using Windows 7, an outdated operating system that lacks the latest cybersecurity technologies.
In defence of these claims, Mr Smyth said that around half of those computers were linked to machines that were not compatible with updated software. However, he did say that plans to update the HSE’s computers were in the pipeline.
The government was also criticised for its inadequate cybersecurity budget, which provided €13.8 million to the NCSC between 2017 and 2021. In contrast, the island state of Malta is due to spend €1.9bn on cybersecurity over the next six years.
Fighting an uphill battle
With many industry insiders of the opinion that the Irish Government is not responding urgently enough to the ever-evolving threat landscape, many Irish organisations will remain an easy target for cybercriminals.
Unless serious action is taken, it is only a matter of time before the next HSE-style attack happens.
These statistics echo concerns raised by Grant Thornton’s cybersecurity team in 2020. After publishing the Economic Cost of Cybercrime report, they concluded that “it is not a question of ‘if’ an Irish business will be the victim of a cyberattack, but a question of ‘when’”.
They also added that “the ability of businesses to detect and react to an attack will be the key factor in limiting the impact”.
Cyber Risk Mitigation
With a centralised government response looking unlikely, Irish businesses need to take a proactive, forward-thinking approach to cyber risk mitigation.
At Calnet IT, we provide reliable support and expert solutions for all your cybersecurity needs, including:
- Infrastructure-as-a-service (IaaS)
- Firewall-as-a-service (FWaaS)
- Network Infrastructure Management services
- Cyber Security Awareness Training
Cybercriminals aren’t going to stop targeting Irish companies any time soon, but that doesn’t mean you should make life easy for them.
To learn more about future-proofing your cybersecurity infrastructure, get in touch with us today.